Facebook Searches Dark Web For Stolen Passwords

facebookThis actually is in the “good news” department.  The some security folks at Facebook are scouring the Dark Web, looking for rainbow tables of user names and passwords in order to find Facebook users who may be reusing the same password on multiple sites.  As we have discussed here many times, password reuse creates a serious security vulnerability.  If the cyber-crooks have your password for one site, they will try it on other ...

Continue Reading →
0

Are ICS and SCADA Systems the Next IOT Disaster?

industrial-securityThere is a lot of talk in the cybersecurity world about Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that run the US power grid, water utilities, gas piplines, oil refineries, and countless factories.  We discussed how all this might play out in the electrical grid when I reviewed Ted Koppel’s new book Lights Out.

We saw the kind of damage that an IoT botnet ...

Continue Reading →
0

You Just Got An Email From A Friend – But It Was A Phish

Email_thumb2One of the hardest types of phishing emails to defend against are those that come from the email account of a friend or trusted business associate, such as your dentist, lawyer, realtor.  The sender’s email address is not spoofed, because the malefactor has tricked them into providing their email address password.  The bad guys are actually logged into  your friend’s email account,  and now they are trying to do the same thing to ...

Continue Reading →
0

End of the Road for SHA-1?

sha-1SHA-1 or Secure Hashing Algorithm 1 was developed in 1993 by the National Security Agency (NSA).  It has been used to provide both hashing functions and digital signatures that validate that a certain document, web site, or other resource is genuine, original, and unchanged.

SHA-1 is used in common services such as SSL (secure websites) and TLS (secure email).  There has been discussion about the low security of SHA-1 going back to ...

Continue Reading →
0

Password Policy Improvements

password2On Monday we attacked the utility of current password policies and standards.  Today we will offer up an array of improvements.

To be truly effective from a security perspective, password policies need to be designed to withstand both online and offline password cracking methods. We discussed offline methods in our post last month, so we will not do more than recap them ...

Continue Reading →
0

Current Password Policies Don’t Work

good-passwordMost corporate password policies are a waste off time and do not add anything extra to providing secure authentication.  Many of these policies were put in place to meet the standards of various compliance bodies (PCI-DSS, HIPAA, etc.)  But basically these policies are not keeping up with the state of the art in password cracking, as we discussed last November in our post on ...

Continue Reading →
0

Should I Report My Cyber-Crime To the Cops?

ic3If you have been the victim of a ransomware scam, or fake tech support scam, or other computer incident, intrusion, or breach, you may be wondering if you should report it to the police.

If you report your crime to the police, it is unlikely that it is going to be solved and the perpetrator arrested.  Many local police departments have a computer fraud officer or even a larger group, but there ...

Continue Reading →
0

Adult Site Breach Exposes Weak Hashing

affThe site Adult Friend Finder, the “world’s largest sex and swingers site” recently exposed 412 million user credentials due to poor, or in some cases, non-existent password hashing practices. The biggest group losses were:

  • 339 million users of AdultFriendFinder.com
  • 62 million users of webcam site cams.com
  • 7.1 million users of Penthouse.com
  • 1.4 million users of stripshow.com

As we discussed last week, the reason that the Yahoo breach went unreported ...

Continue Reading →
0
Page 179 of 272 «...150160170177178179180181...»